OpenClaw Security Reference

Setup, Hardening & Confidential Data Handling

Section 1 — System Security Hardening

Complete these steps before installing OpenClaw. These protect the host machine itself.

# | Security Item | Details / Action
1 | Strong Login Password | Use a long, unique passphrase. Do not reuse passwords from other accounts.
2 | Full Disk Encryption | Enable FileVault (macOS) or BitLocker (Windows). Encrypts all data at rest with AES-256. Required if the machine is ever transported or shared.
3 | Remote Wipe Capability | macOS: Enable Find My Mac. Windows: Enable Find My Device. Allows remote lock/wipe if the machine is lost or stolen.
4 | Screen Lock — Immediate | Set the screen lock timeout to 1 minute or less. Require a password on wake. Prevents physical access when the machine is unattended.
5 | Startup Security (macOS) | Recovery Mode → Startup Security Utility → Full Security. Prevents booting from unauthorized media.
6 | Tailscale VPN | Keep the OpenClaw gateway off the public internet. Tailscale provides encrypted access from trusted devices only. Never expose the gateway port publicly.

Section 2 — OpenClaw & Local AI Model Setup

Steps to install and configure OpenClaw with a local model via Ollama.

# | Setup Item | Details / Action
7 | Install Ollama | Run the official installer from ollama.com. Ollama is the runtime that serves local LLMs. Verify it binds to localhost only after install (see item 10).
8 | Pull Local AI Models | Run: ollama pull deepseek-r1:14b — Recommended for 24GB RAM. Provides strong reasoning (~9GB on disk). Also consider: ollama pull qwen3:14b as a secondary model. Ollama loads one model at a time.
9 | Install & Configure OpenClaw | Follow the official OpenClaw quick-start. Set the primary model to ollama/deepseek-r1:14b in config. Configure the Anthropic API key as an optional cloud fallback only (see Section 3 before enabling it for privileged sessions).
10 | Verify Ollama is Localhost Only | Run: curl http://localhost:11434 — should respond. Run: curl http://0.0.0.0:11434 — should fail or not respond from an external machine. If exposed, edit Ollama's service config to bind only to 127.0.0.1.
11 | Configure Auto-Start | Set up launchd (macOS) or Task Scheduler / NSSM (Windows) so the OpenClaw gateway and Ollama start automatically at boot. This ensures the agent is always available.
12 | Set API Spending Limits | If using cloud API fallback, set a hard daily spending limit ($5–$10/day) in your Anthropic console. Prevents runaway costs from misconfigured agent loops.
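An added check for item 10 (not part of Ollama or OpenClaw): it parses the listener table that lsof prints on macOS/Linux and reports any socket on port 11434 bound to something other than loopback, which the curl test alone does not make obvious. The sample lsof lines are constructed.

```python
import ipaddress
import re
import subprocess

OLLAMA_PORT = 11434
# NAME column of lsof looks like "127.0.0.1:11434 (LISTEN)", "[::1]:11434 (LISTEN)" or "*:11434 (LISTEN)"
_NAME_RE = re.compile(r"(\S+):(\d+)\s+\(LISTEN\)")


def is_loopback(host: str) -> bool:
    """True only for 127.0.0.0/8, ::1 or 'localhost'; wildcards and LAN addresses are not."""
    host = host.strip("[]")
    if host in ("*", "0.0.0.0", "::"):
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def exposed_listeners(lsof_output: str, port: int = OLLAMA_PORT) -> list:
    """Return every address listening on `port` that is NOT loopback (empty list = safe)."""
    exposed = []
    for line in lsof_output.splitlines():
        m = _NAME_RE.search(line)
        if m and int(m.group(2)) == port and not is_loopback(m.group(1)):
            exposed.append(f"{m.group(1)}:{port}")
    return exposed


def live_check(port: int = OLLAMA_PORT) -> list:
    """Run lsof on this host (macOS/Linux) and return any non-loopback Ollama listeners."""
    proc = subprocess.run(["lsof", "-nP", f"-iTCP:{port}", "-sTCP:LISTEN"],
                          capture_output=True, text=True, check=False)
    return exposed_listeners(proc.stdout, port)


# Constructed lsof output: a loopback-only bind (safe) and a wildcard bind (exposed)
SAMPLE_OK = ("COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME\n"
             "ollama 4242 user 3u IPv4 0xabc 0t0 TCP 127.0.0.1:11434 (LISTEN)\n")
SAMPLE_BAD = ("COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME\n"
              "ollama 4242 user 3u IPv6 0xabc 0t0 TCP *:11434 (LISTEN)\n")

if __name__ == "__main__":
    bad = live_check()
    print("Ollama exposed on:", ", ".join(bad) if bad else "nothing (loopback only)")
```

Run it as the monthly check from Section 5 as well; a non-empty list means Ollama's service config needs the 127.0.0.1 bind restored.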

Section 3 — Confidential & Sensitive Data Handling

These controls apply whenever OpenClaw processes files or data that are confidential, privileged, or subject to any professional, legal, or personal privacy obligation.

⚠ IMPORTANT SECURITY WARNING OpenClaw with a cloud API key (Anthropic, OpenAI, etc.) sends prompt content to third-party servers. Any file content, document text, or query passed to a cloud model is transmitted and may be retained. For privileged, confidential, or sensitive data: disable cloud API fallback and use a local-only model. This is not optional — it is the only way to ensure sensitive data never leaves your machine.
# | Confidentiality Control | Details / Action
A | Privileged Session Config | Create a separate config file (e.g., openclaw-privileged.json) with no cloud API keys. Use only the local Ollama model. Switch to this config before any session involving confidential data.
B | Encrypted Storage for Sensitive Files | macOS: Create an encrypted sparse bundle via Disk Utility (256-bit AES) for all sensitive files. Windows: Use a BitLocker-encrypted folder or a VeraCrypt container. Never store sensitive files in cloud-synced directories.
C | Disable Cloud Sync for Sensitive Directories | Exclude all sensitive file locations from iCloud, Google Drive, OneDrive, and Dropbox sync. Verify in each app's settings that the folders are explicitly excluded.
D | Restrict OpenClaw Log Permissions | OpenClaw logs may capture prompt content. Restrict access: macOS/Linux: chmod 700 ~/.openclaw/logs — Windows: set folder permissions to the current user only. Review logs periodically and purge them when no longer needed.
E | Workspace Privacy (Shared Spaces) | When working in shared or semi-public environments, use a privacy screen filter. Be aware of shoulder surfing when sensitive content is visible on screen.
F | Audit Skills Before Installing | Every OpenClaw skill (plugin) is community-contributed code that runs on your machine. Read the source before installing any skill. Reject any skill that requests unexpected permissions (shell.execute, fs.read_root) for unrelated functions. A prior supply chain attack infected ~10% of skills in the community registry — vet before you install.
G | Privileged Session Protocol | Standard sequence for sensitive work: (1) Mount the encrypted storage volume. (2) Start OpenClaw with the privileged (local-only) config. (3) Confirm the model is local — check OpenClaw status. (4) Complete the work. (5) Unmount/lock the encrypted volume. (6) Return OpenClaw to the standard config.
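An added pre-flight check for items A, D and step (3) of protocol G (not OpenClaw's own code): it refuses a privileged session if the config names a non-Ollama model, any cloud key is set in the config or the environment, or the log directory is readable by other users. The config key names (model, providers, apiKey and friends) are assumptions about the openclaw-privileged.json format; the two sample configs are constructed.

```python
import json
import os
import stat
from pathlib import Path

CLOUD_ENV_VARS = ("ANTHROPIC_API_KEY", "OPENAI_API_KEY")  # env vars the cloud SDKs read
# Config key names assumed to hold cloud credentials in openclaw-privileged.json
CLOUD_KEY_NAMES = ("apiKey", "api_key", "anthropicApiKey", "openaiApiKey")


def find_cloud_keys(node, path: str = "") -> list:
    """Recursively list config paths whose key name looks like a cloud API key and is set."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in CLOUD_KEY_NAMES and value:
                hits.append(here)
            hits += find_cloud_keys(value, here)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_cloud_keys(value, f"{path}[{i}]")
    return hits


def preflight(config: dict, env: dict, log_mode=None) -> list:
    """Return reasons this session is NOT safe for confidential data; [] means proceed."""
    problems = []
    model = str(config.get("model", ""))  # assumed key for the primary model
    if not model.startswith("ollama/"):
        problems.append(f"primary model is not local: {model!r}")
    problems += [f"cloud key set in config: {p}" for p in find_cloud_keys(config)]
    problems += [f"cloud key set in environment: {v}" for v in CLOUD_ENV_VARS if env.get(v)]
    if log_mode is not None and stat.S_IMODE(log_mode) & 0o077:
        problems.append(f"log dir is group/world accessible (mode {stat.S_IMODE(log_mode):o}); run chmod 700")
    return problems


def preflight_file(cfg_path: str, log_dir: str = "~/.openclaw/logs") -> list:
    """Step (3) of the protocol: check the config on disk against the live environment."""
    config = json.loads(Path(cfg_path).read_text(encoding="utf-8"))
    log_path = Path(log_dir).expanduser()
    mode = log_path.stat().st_mode if log_path.exists() else None
    return preflight(config, dict(os.environ), mode)


# Constructed configs: local-only (privileged) and standard with cloud fallback enabled
PRIVILEGED = {"model": "ollama/deepseek-r1:14b", "providers": {}}
STANDARD = {"model": "ollama/deepseek-r1:14b",
            "providers": {"anthropic": {"apiKey": "sk-ant-PLACEHOLDER"}}}
```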

Section 4 — Machine Loss or Theft Response

If the machine is lost, stolen, or compromised, execute these steps immediately and in order:

Section 5 — Ongoing Maintenance

Security is not a one-time setup. These recurring tasks are required to maintain a secure deployment.

Frequency | Task
On every update | Update OpenClaw to the latest version. Security patches have addressed critical vulnerabilities (including remote code execution). Never skip updates.
Weekly | Run npm audit in the OpenClaw directory to check for dependency vulnerabilities. Review any new skills before use.
Monthly | Review OpenClaw log files for unexpected activity. Purge logs containing sensitive content. Verify Ollama still binds to localhost only. Check the Tailscale device list for any unrecognized devices.
When adding skills | Read the full skill source before installing. Check the permissions object — reject any unexpected shell or filesystem permissions. Cross-reference against known issues in the community.
After any incident | Rotate API keys, invalidate auth tokens, review logs, and assess what data was accessible.
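An added audit helper for item F in Section 3 and the "When adding skills" task above (not OpenClaw's own tooling): it compares the permissions a skill requests with an allowlist for the skill's declared purpose and rejects anything outside it. It assumes a skill manifest JSON with a purpose string and a permissions list; shell.execute and fs.read_root are the names used in this guide, while the other permission names and the per-purpose allowlist are constructed.

```python
import json

# Permissions that can read or run anything on the host; flag them for manual source review
HIGH_RISK = {"shell.execute", "fs.read_root"}
# Constructed allowlist: the most a skill with a given declared purpose should need
EXPECTED_BY_PURPOSE = {
    "summarize": {"fs.read_workspace"},
    "calendar": {"net.http", "fs.read_workspace"},
    "build": {"shell.execute", "fs.read_workspace", "fs.write_workspace"},
}


def audit_skill(manifest: dict) -> dict:
    """Compare requested permissions with what the skill's declared purpose needs.

    Any permission outside the purpose's allowlist is 'unexpected' and causes a reject;
    an unknown purpose has an empty allowlist, so everything it asks for is unexpected.
    """
    purpose = manifest.get("purpose", "")
    requested = set(manifest.get("permissions", []))
    expected = EXPECTED_BY_PURPOSE.get(purpose, set())
    unexpected = sorted(requested - expected)
    high_risk = sorted(requested & HIGH_RISK)
    return {
        "name": manifest.get("name", "?"),
        "unexpected": unexpected,
        "high_risk": high_risk,  # listed even when expected, so the reviewer reads that code path
        "verdict": "reject" if unexpected else "install",
    }


def audit_manifest_file(path: str) -> dict:
    """Audit a manifest on disk before running the skill's install step."""
    with open(path, encoding="utf-8") as fh:
        return audit_skill(json.load(fh))


# Constructed manifests: a summarizer that asks only for what it needs, one that also
# wants shell and root filesystem access, and a build helper that legitimately needs a shell
SUMMARIZER_OK = {"name": "doc-summary", "purpose": "summarize", "permissions": ["fs.read_workspace"]}
SUMMARIZER_BAD = {"name": "doc-summary", "purpose": "summarize",
                  "permissions": ["fs.read_workspace", "shell.execute", "fs.read_root"]}
BUILD_TOOL = {"name": "make-runner", "purpose": "build",
              "permissions": ["shell.execute", "fs.write_workspace"]}
```

A "reject" verdict is a prompt to read the source, not a replacement for it; a skill whose purpose genuinely needs a shell still gets its high_risk list so that code path is reviewed first.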

Section 6 — Remote Access Security

These guidelines apply when accessing your Mac Mini remotely from another computer (Windows, Linux, or macOS). Remote desktop sessions expose screen content over the network — the controls below ensure that exposure is limited to encrypted, trusted channels only.

⚠ CRITICAL RULE: NEVER open a remote desktop session on an unsecured network without Tailscale active. Without Tailscale, VNC traffic travels unencrypted. On any public or shared network (coffee shop, hotel, airport, client office), this means your screen content — including confidential documents, client data, and research — is readable by anyone on the same network using freely available tools. Before opening any remote session: confirm Tailscale shows as connected. If it is not connected, reconnect before proceeding or do not open the session.
# | Remote Access Control | Details / Action
H | Recommended Stack | Primary: Tailscale (WireGuard tunnel) + RealVNC Viewer. Enable macOS Screen Sharing to activate the built-in VNC server. Install RealVNC Viewer (free) on all remote machines (Windows, Linux, macOS). Connect using the Mac Mini's Tailscale IP address. Never expose the VNC port directly to the internet.
I | Understanding "Unsecured Network" | Any network you do not fully control or trust: coffee shop WiFi, hotel, airport, client office, coworking space, or public hotspot. On these networks, other users or the network operator can intercept unencrypted traffic using freely available tools. Tailscale's WireGuard tunnel encrypts all VNC traffic before it touches the local network, making interception useless even on hostile networks.
J | Tailscale Nuances to Know | (1) Tailscale's coordination servers see connection metadata (which devices connected, when) but never your screen content — acceptable for professional use. (2) When a direct peer-to-peer connection cannot be established, traffic routes through Tailscale's DERP relay servers. This traffic remains WireGuard-encrypted; Tailscale cannot read it. (3) Leave Tailscale running at all times on all your machines as a best practice — this removes any risk of accidentally connecting without it.
K | Remote Machine Requirements | The remote computer must be trusted and secured. The Tailscale tunnel protects traffic in transit but cannot protect against screen content being viewed by others at the endpoint. Use only your own secured devices for confidential remote sessions. Never use a shared, public, or unmanaged computer to access confidential work remotely.
L | Tools NOT Appropriate for Confidential Work | Chrome Remote Desktop, Parsec, TeamViewer (free tier), and AnyDesk route screen content through third-party corporate relay servers. This is disqualifying for any session involving client data, privileged work product, or confidential research. These tools are acceptable only for casual, non-sensitive use.
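An added pre-session check for the critical rule above and item H (not part of Tailscale or OpenClaw): it reads the local client's `tailscale status --json` output, refuses to proceed unless the backend state is Running and the Mac Mini is an online peer, and hands back the peer's Tailscale IPv4 so that is the only address typed into RealVNC Viewer. The BackendState, Peer, HostName, Online and TailscaleIPs fields are from the real status output; the sample status, host names and addresses are constructed.

```python
import ipaddress
import json
import subprocess

TAILSCALE_V4 = ipaddress.ip_network("100.64.0.0/10")  # CGNAT range Tailscale assigns IPv4 from


def is_tailscale_ip(ip: str) -> bool:
    """Guard against pasting a LAN or public address into the VNC viewer by mistake."""
    try:
        return ipaddress.ip_address(ip) in TAILSCALE_V4
    except ValueError:
        return False


def check_session(status: dict, host_name: str) -> tuple:
    """Decide whether a VNC session to `host_name` may be opened.

    Returns (True, tailscale_ipv4) when Tailscale is running and the target is an
    online peer on the tailnet, otherwise (False, reason) and the session must not be opened.
    """
    state = status.get("BackendState")
    if state != "Running":
        return False, f"Tailscale not connected (BackendState={state!r})"
    for peer in status.get("Peer", {}).values():
        if peer.get("HostName") != host_name:
            continue
        if not peer.get("Online", False):
            return False, f"{host_name} is on the tailnet but offline"
        ips = [ip for ip in peer.get("TailscaleIPs", []) if is_tailscale_ip(ip)]
        if ips:
            return True, ips[0]
        return False, f"{host_name} has no Tailscale IPv4"
    return False, f"{host_name} is not a device on this tailnet"


def live_check(host_name: str) -> tuple:
    """Query the local Tailscale client; run this before launching RealVNC Viewer."""
    proc = subprocess.run(["tailscale", "status", "--json"], capture_output=True, text=True, check=False)
    if proc.returncode != 0:
        return False, "tailscale CLI unavailable or not running"
    return check_session(json.loads(proc.stdout), host_name)


SAMPLE_STATUS = {  # constructed status output; host names and addresses are made up
    "BackendState": "Running",
    "Self": {"HostName": "laptop", "TailscaleIPs": ["100.101.102.1", "fd7a:115c:a1e0::1"]},
    "Peer": {"nodekey:aaa": {"HostName": "mac-mini", "Online": True,
                             "TailscaleIPs": ["100.101.102.2", "fd7a:115c:a1e0::2"]}},
}
```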

This document is a personal reference guide. Review applicable professional rules and consult with qualified counsel regarding specific obligations.